
How to get all the domains which use DNS query?

How to list all the DNS domains?

I have a requirement: check my snapshot. Over a period of time there are several DNS queries; the link below shows one: https://i.stack.imgur.com/za2FV.png

Queries: assets.msn.com: type A, class IN

How do I get the domains of all queries as a list?

markleo
asked 2021-11-19 02:54:31 +0000

1 Answer


This is a classic case for using tshark with the -T fields option. With a display filter set so that only answers are shown:

tshark -r <yourcapture> -Y "dns.count.answers > 0" -T fields -e dns.qry.name -e dns.resp.name

replacing <yourcapture> with the path to the capture file.

Output looks like this, with first the query, then the answer(s):

az667904.vo.msecnd.net  az667904.vo.msecnd.net,az667904-pme.azureedge.net,az667904-pme.ec.azureedge.net,cs9.wpc.v0cdn.net

Note in this case there were multiple answer records for the query, all comma separated.

grahamb
answered 2021-11-19 09:27:02 +0000
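
An added example, not part of the answer above: a shell function that turns the two-column tshark output shown in the answer into a deduplicated list of names, counting how often each was queried and how often it appeared in answer records. The function names `dns_names` and `sample_fields` and the last two sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Input on stdin is tshark field output, one packet per line:
#   <dns.qry.name> TAB <dns.resp.name[,dns.resp.name...]>
# Output: name TAB times-queried TAB times-seen-in-answers, one line per
# distinct name, sorted by name.
dns_names() {
    awk -F '\t' '
        {
            # Column 1: query name(s). tshark joins repeated fields with commas.
            nq = split($1, q, ",")
            for (i = 1; i <= nq; i++) {
                name = tolower(q[i])        # DNS names are case-insensitive
                if (name != "") { seen[name] = 1; asked[name]++ }
            }
            # Column 2: names of the response records (CNAME chain etc.).
            na = split($2, a, ",")
            for (i = 1; i <= na; i++) {
                name = tolower(a[i])
                if (name != "") { seen[name] = 1; answered[name]++ }
            }
        }
        END {
            for (name in seen)
                printf "%s\t%d\t%d\n", name, asked[name], answered[name]
        }
    ' | LC_ALL=C sort
}

# Constructed sample input: the first line is the output shown in the answer,
# the other two are made up for the name from the question.
sample_fields() {
    printf '%s\t%s\n' \
        'az667904.vo.msecnd.net' \
        'az667904.vo.msecnd.net,az667904-pme.azureedge.net,az667904-pme.ec.azureedge.net,cs9.wpc.v0cdn.net' \
        'assets.msn.com' 'assets.msn.com' \
        'Assets.MSN.com' 'assets.msn.com'
}

# Against a real capture:
#   tshark -r <yourcapture> -Y "dns.count.answers > 0" -T fields \
#       -e dns.qry.name -e dns.resp.name | dns_names
sample_fields | dns_names
```

Rows with a zero in the second column were never queried directly and appear only in answer records.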